Open data and protection of personal data: What does the law provide? Conversation with Grégory Labrousse, CEO & Founder @ nam.R

When talking about big data, there are two contradictory reactions: some are amazed at the new innovations that are based on big data while others are concerned about abuse of personal data. How do French and European legal frameworks respond to these new data usages?

Usage of big data has evolved from ‘simple’ data mining to constructing statistical models which are able to make predictions on incomplete data. Be it data that’s just produced, collected or made available under specific conditions, at all the stages, it has potential applications in all areas of daily and economic life.

A discriminatory paradigm shift?

In the field of big data, predictive modeling methods allow phenomenal advances in creating services but this also poses some serious questions on ethics. “On the one hand, what we try to know through data is no longer based on priori but possibly by data processing. On the other hand, these predictions tend to see individuals not on the basis
of their past behaviors but on the probability of their future actions. Thus, issues like discrimination and equal access to aggregated data are emerging.” analyses Grégory Labrousse.

However, the European and French laws dealing with this subject (Directive 95/46 / EC and the Data Protection Act) were drafted before this paradigm shift and they consider a predefined processing purpose: ‘Data should be adequate, relevant and not excessive in relation to the purposes for which they are transferred or further processed.’

Were any legal safeguards created since then in order to ensure rational use of big data?

European Union has addressed this issue in 2015: the European Data Protection Supervisor has laid down four principles for protection of personal data. Any use of data must: – ensure that privacy is taken into account in the way information systems work. This is called ‘privacy by design’. – guarantee the transparency of data processing. – allow
natural persons to control their data by right to data portability and right to delete. – respect the principle of ‘accountability’ by documenting, evaluating and analyzing the impact of data usage. The European Union Agency for Network and Information Security (ENISA) made recommendations along the same lines in its 2015 report.